06-11-2015 03:59 AM
Solved! Go to Solution.
06-11-2015 05:07 AM
1: the only way to prevent someone copying these files, is to prevent staff from having access to those files. E.g only allow staff to manage NBU thru a GUI or deploy NBAC on the server (users being normal domain users). If all staff has administrator right its almost impossible to prevent access, because all barriers can be disabled by admin.
But that said - A Netbackup admin can restore all data anyway - data encrypted or not so whats the worries by the auditors ?
Please also notice: if pass phases is know - every NBU admin can re-create the encryption keys needed. This is one of the reasons whay NBAC has a special KMS admin role separate from the normal NBU admin.
06-11-2015 05:07 AM
1: the only way to prevent someone copying these files, is to prevent staff from having access to those files. E.g only allow staff to manage NBU thru a GUI or deploy NBAC on the server (users being normal domain users). If all staff has administrator right its almost impossible to prevent access, because all barriers can be disabled by admin.
But that said - A Netbackup admin can restore all data anyway - data encrypted or not so whats the worries by the auditors ?
Please also notice: if pass phases is know - every NBU admin can re-create the encryption keys needed. This is one of the reasons whay NBAC has a special KMS admin role separate from the normal NBU admin.